CMS Made Simple is prone to an OS command injection which allows attackers the execution of system commands.
This module exploits a vulnerability in Microsoft Office Word. The flaw is related in how Microsoft Word parses SOAP WSDL links. It is possible to open a RTF file and execute arbitrary code in vulnerable installations of Microsoft Office Word.
This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Fuji Electric Monitouch is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted.v8 document. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
A vulnerability exists in the way RAT Gh0st Controller Server process a remote request. The vulnerability is caused due to a boundary when handling network messages and can be exploited to cause a buffer overflow via a specially crafted packet sent to the server.
Eaton ELCSoft is prone to a heap-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .EPC document. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
A heap overflow in the ActiveX control nvA1Media.ocx in Advantech WebAccess allows remote attackers to execute arbitrary code via a crafted argument to the Caption method. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7 or 8) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
The specific flaw exists within the parsing of a pm3 project file. A heap-based buffer overflow vulnerability exists in a call to memcpy. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Microsoft Windows is prone to a vulnerability that may allow a file to automatically run because the software fails to handle 'LNK' files properly. Specifically, the issue occurs when loading the icon of a shortcut file. A specially crafted 'LNK' file can cause Windows to automatically execute code that is specified by the shortcut file. The attacker must entice a victim into viewing a specially crafted shortcut. The shortcut file and the associated binary may be delivered to a user through removable drives, over network shares or remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
HP Intelligent Management Center is prone to a remote vulnerability that allows attackers to execute commands under the context of system.